Castle

493 posts

Castle banner
Castle

Castle

@Castle_io

APIs for account security and anti-abuse

Brooklyn, NY Katılım Ekim 2013
349 Takip Edilen799 Takipçiler
Castle
Castle@Castle_io·
Castle's research team just shared a free dataset of 1063 recent temporary Gmail accounts tied to abuse and fake account creation 👀 Normalized + canonicalized for easier correlation against your own signups. Is your current anti-fraud stack actually catching this? 🤔
Antoine Vastel@xopek59

I heard you like free fraud intel 👀 So here’s a dataset of 1063 recent temporary Gmail accounts observed from a provider used for fake account creation (canonical form). gist.github.com/antoinevastel/… One thing that’s interesting: these services often abuse 2 legit Gmail features: - dot variations - plus aliases Example: account1generated@gmail.com becomes: - ac.co.unt1.gen.erated@gmail.com - account1generated+zsh8q@gmail.com Still the same inbox. At @Castle_io , we monitor these ecosystems because they regularly show up in signup abuse / account farming campaigns. Note regarding the dataset: All emails were canonicalized: - dots removed - aliases stripped - gmail/googlemail expanded -> If you correlate against your own signups, make sure you canonicalize emails on your side too.

English
0
0
2
527
Castle
Castle@Castle_io·
Disposable email providers are a core piece of infrastructure behind fake account creation and signup abuse. Castle’s research team just open sourced a curated list of disposable email domains observed in real abuse activity, updated daily 🔎 github.com/castle/disposa…
Antoine Vastel@xopek59

@Castle_io 's research team just open sourced a disposable email domain list built from real abuse telemetry 🔎 Disposable email providers are a core piece of infrastructure behind fake account creation and signup abuse, similarly to how proxies enable large-scale traffic distribution. A few things we cared about: - curated, not aggregated from public lists - strictly disposable domains - updated daily - ranked by observed abuse prevalence And yes, before someone says it: attackers also use aged Gmail accounts, compromised inboxes, freshly registered domains, etc 😄 Disposable domains are not the whole problem, but they’re still one of the clearest infrastructure-level signals behind large-scale signup abuse. Repo: github.com/castle/disposa…

English
0
0
3
402
Antoine Vastel
Antoine Vastel@xopek59·
We just launched a research portal at @Castle_io 🔍 blog.castle.io/introducing-ca… Bot detection is inherently adversarial. Attackers: - share tools - collaborate in public - iterate fast Defenders often: - stay quiet - work in silos - rediscover the same patterns We want to change that. Our approach to research: → study how attackers actually operate → focus on signals that survive real-world abuse → design detection with the attacker in mind Not lab conditions. Production reality. This work directly feeds how we build detection systems at Castle. We’ll publish regular deep dives based on hands-on analysis of real tooling, infrastructure, and evasion techniques. Our first report is live 🔥 We analyze BotmasterLabs (XRumer, XEvil), tools that have powered spam and CAPTCHA bypassing at scale for years. castle.io/research/botma…
English
1
1
7
218
Castle
Castle@Castle_io·
Account sharing is a form of account abuse that needs to be detected with more sophistication than just a one-time check during signup or login. Plus, there's no strict rule on how many accounts are okay to share—it's all up to your service's policies. blog.castle.io/how-to-prevent…
English
0
0
4
516
Castle
Castle@Castle_io·
We're increasingly seeing how our customers are not just triggering one, but several different CAPTCHAs based on risk and user context. blog.castle.io/which-captcha-…
English
0
0
1
259
Castle
Castle@Castle_io·
Product update: set up Slack alerts to get notified when suspicious behavior is detected, such as account sharing or multi-accounting. docs.castle.io/changelog/slac…
GIF
English
0
0
3
276
Castle
Castle@Castle_io·
Often our customers find it hard to distinguish between *fraud* and *abuse*. While there are well-defined strategies for preventing fraud, handling abuse often feels like a never-ending game of whack-a-mole, with no one clearly responsible. blog.castle.io/the-different-…
English
0
0
2
252
Castle
Castle@Castle_io·
Preventing online abuse, such as bots and account sharing, is typically integrated into your existing fraud prevention strategy over time. However, long before then, departments like Eng and Ops take on the responsibility for keeping your service safe. blog.castle.io/from-spam-to-s…
English
0
0
1
166
Castle
Castle@Castle_io·
When measures like email or SMS verification are evaluated from a security perspective, they're often shot down as insecure options. However, when it comes to shutting down fraud and abuse *at scale*, things are a bit more nuanced. blog.castle.io/a-guide-to-acc…
English
0
0
2
151
Castle
Castle@Castle_io·
Product update: we just launched the quick explorer in the Castle Dashboard. It allows you to quickly see data associated with any entity, such as all the accounts connected to a specific device or IP. docs.castle.io/changelog/quic…
GIF
English
0
0
1
127
Castle
Castle@Castle_io·
Device fingerprinting *alone* is a way of stopping fraud, but in reality won't determine fraud alone. In practice, you'll have to build features using the fingerprints, preferably aggregating in *real-time* so that they can actually be used for blocking. blog.castle.io/7-fraud-preven…
English
0
0
1
124
Castle
Castle@Castle_io·
As "proxy piercing" has become less effective in 2023 for revealing the true IP address behind a proxy, here are 11 tricks that'll help you predict someone's approximate location while maintaining a good balance of privacy blog.castle.io/11-ways-to-pin…
English
0
0
2
159
Castle
Castle@Castle_io·
Product update: zoom-out button for the selected time range. Quickly zoom back out again after honing in on suspicious traffic spikes. docs.castle.io/changelog/zoom…
GIF
English
0
1
2
127
Castle
Castle@Castle_io·
Device fingerprinting, particularly in the context of fraud prevention, has been getting more attention lately. As a developer, it can be hard to navigate options when vendors put their tech behind paywalls. Here are 9 solutions you can try for free. blog.castle.io/p/e2427c6c-fd4…
English
0
0
1
90
Castle
Castle@Castle_io·
Product update: our APIs now support transaction base amount and granular merchant information, including MCC codes. This comes in handy when monitoring card transactions. docs.castle.io/changelog/impr…
English
0
0
0
99
Castle
Castle@Castle_io·
New feature: Quickly find accounts using the same billing or shipping address. Castle provides a normalized address fingerprint out-of-the-box, but we've added the possibility to use your own. docs.castle.io/changelog/cust…
Castle tweet media
English
0
0
3
227
Castle
Castle@Castle_io·
New feature: We're released a powerful new way of comparing multiple users' activity over time. Find and block those multi-accounters in an instant! docs.castle.io/changelog/comp…
GIF
English
0
0
0
81
Castle
Castle@Castle_io·
Super excited to announce instant link analysis that helps you swiftly detect and prevent sophisticated fraud rings with just a few clicks. Unlike legacy solutions, our feature lets you perform link analysis on live data, providing visibility in real-time blog.castle.io/swiftly-identi…
English
0
1
4
285
Castle
Castle@Castle_io·
New feature: add custom columns, based on any event field. E.g. min/max/average for numbers and unique value count for strings and enums, as well as the most recent value and top 20 docs.castle.io/changelog/cust…
Castle tweet media
English
0
0
0
0
Castle
Castle@Castle_io·
We're excited to introduce the Event Explorer, giving security & fraud teams a new way to discover and investigate malicious activity. The new view allows you to browse & query Castle events, making it much faster to investigate & find patterns of fraud. blog.castle.io/announcing-the…
English
1
0
1
0